web
This command configures various Web interface settings.
Syntax
(config-system)# web (web)#
|
Command |
Description |
|---|---|
|
blocking-duration-factor |
Defines the number to multiple the previous blocking time for blocking the IP address (management station) or user upon the next failed login scenario. |
|
check-password-history {off|on} |
Enables the device to enforce password history policy (reuse an old password), which prohibits a user from changing its password to any of the user's four previous passwords. |
|
check-weak-psw {off|on} |
Enables the weak password detection feature, which detects if a user in the Local Users table is configured with a weak password (listed in the Weak Passwords List table). |
|
csrf-protection {off|on} |
Enables cross-site request forgery (CSRF) protection of the device's embedded Web server. |
|
deny-auth-timer |
Defines the duration (in seconds) for which login to the Web interface is denied from a specific IP address (management station) for all users, when the number of failed login attempts has exceeded the maximum. |
|
deny-access-counting-valid-time |
Defines the maximum time interval (in seconds) between failed login attempts to be included in the count of failed login attempts for denying access to the user |
|
deny-access-on-fail-count |
Defines the maximum number of failed login attempts, after which the requesting IP address (management station) for all users is blocked. |
|
display-last-login-info {off|on} |
Enables the display of the user's login information upon each successful login attempt. |
|
enforce-password-complexity {off|on} |
Enforces password complexity for users login and SNMP Community Strings. |
|
enforce-web-host-name {off|on} |
Enforces access to the device's Web interface through a hostname only, and blocks any attempt to access the Web interface through the device's IP address. |
|
http-auth-mode {basic|digest-http-only| digest-when-possible} |
Selects HTTP basic (clear text) or digest (MD5) authentication for the Web interface. |
|
http-port |
Defines the device's LAN HTTP port for Web interface access. |
|
https-port |
Defines the device's LAN HTTPS port for secure Web interface access. |
|
invalid-login-report |
Defines how much information is provided in the logged error message when a user attempts to log in to the device with the wrong username or password (i.e., authentication failure). |
|
local-users-table-can-be-empty {off|on} |
Enables (allows) the deletion of all users in the Local Users table. |
|
min-web-password-len |
Defines the minimum length (number of characters) of the management user's login password when password complexity is enabled (using the [EnforcePasswordComplexity] parameter). |
|
req-client-cert {off|on} |
Enables requirement of client certificates for HTTPS Web interface connections. |
|
secured-connection {http-and-https|https-only|https-redirect} |
Defines the protocol (HTTP or HTTPS) for accessing the Web interface. |
|
session-timeout |
Defines the duration (in minutes) of inactivity of a logged-in user in the Web interface, after which the user is automatically logged off the Web session. |
|
user-inactivity-timeout |
Defines the duration (in days) for which a user has not logged in to the Web interface, after which the status of the user becomes inactive and can no longer access the Web interface. |
|
web-hostname |
Defines a hostname (FQDN) for accessing the device's Web interface. |
|
web-if |
Defines Web Interfaces (see web-if). |
|
web-logo-enable {0|1} |
Enables the Web interface to display user-defined text instead of an image (logo). |
|
web-logo-text |
Defines the text that is displayed instead of the logo in the Web interface. |
|
web-password-change-interval |
Defines the minimum duration (in minutes) between login password changes. |
Command Mode
Privileged User
Note
For more information on the commands, refer to the User's Manual.
Example
This example enables requirement of client certificates for HTTPS Web interface connections:
(config-system)# web (web)# req-client-cert on